
JDK 1.7.0_07 and JDK 1.6.0_35 are out

 
 
Roedy Green
 
      08-31-2012
On 31 Aug 2012 06:02:43 GMT, Fredrik Jonson <(E-Mail Removed)>
wrote, quoted or indirectly quoted someone who said :

>That an attacking applet has to be unsigned doesn't limit the severity of
>this vulnerability. If the vulnerability was only exploitable by signed
>applets, the risk would be somewhat more limited. As it stands right now,
>any script kiddie can compile and publish exploiting code.


A signed applet is by definition dangerous. It is typically allowed to
read/write any files it pleases. Normally unsigned applets are the
safest things going, though I have heard so many false claims they are
not. That is why I was initially suspicious.
--
Roedy Green Canadian Mind Products http://mindprod.com
A new scientific truth does not triumph by convincing its opponents and making them see the light,
but rather because its opponents eventually die, and a new generation grows up that is familiar with it.
~ Max Planck 1858-04-23 1947-10-04


 
 
 
 
 
Arne Vajhøj
 
      08-31-2012

On 8/31/2012 6:21 PM, Roedy Green wrote:
> On 31 Aug 2012 06:02:43 GMT, Fredrik Jonson <(E-Mail Removed)>
> wrote, quoted or indirectly quoted someone who said :
>
>> That an attacking applet has to be unsigned doesn't limit the severity of
>> this vulnerability. If the vulnerability was only exploitable by signed
>> applets, the risk would be somewhat more limited. As it stands right now,
>> any script kiddie can compile and publish exploiting code.
>
> A signed applet is by definition dangerous. It is typically allowed to
> read/write any files it pleases. Normally unsigned applets are the
> safest things going, though I have heard so many false claims they are
> not.


They are supposed to be safe.

But the security comes from software. And sometimes
software has bugs.

There were bugs in this case.

There had been bugs before.

And I will be surprised if we do not see bugs in the
future as well.

Arne

 
 
 
 
 
Fredrik Jonson
 
      09-01-2012
Hmm,

There are now reports of another sandbox-breaking exploit that has not been
patched in the Java 7u7 release.

"As in the case of the earlier vulnerabilities, Gowdiak says, this flaw
allows an attacker to bypass the Java security sandbox completely [...]

Unlike the earlier vulnerabilities, no known exploit of the new flaw has yet
been found in the wild, but Gowdiak says he included proof-of-concept code
with the report to demonstrate that an exploit is indeed possible.

Oracle has not acknowledged that the new vulnerability actually exists, but
it has confirmed that it has received Security Explorations' vulnerability
report and is analyzing it."

http://www.theregister.co.uk/2012/08..._patched_java/

--
Fredrik Jonson
 
 
Roedy Green
 
      09-02-2012
On 1 Sep 2012 06:38:25 GMT, Fredrik Jonson <(E-Mail Removed)> wrote,
quoted or indirectly quoted someone who said :

> Oracle has not acknowledged that the new vulnerability actually exists, but
> it has confirmed that it has received Security Explorations' vulnerability
> report and is analyzing it."


In the discussion of Stuxnet, I discovered that knowledge of an
unrevealed flaw goes for about $200K.

There have been so many flaws, I suspect people on the inside are
putting them there on purpose.
--
Roedy Green Canadian Mind Products http://mindprod.com


 